In a scaffold generated models, I have: List has_many Items. I then
modify the routing:
map.resources :lists, :shallow => true, :has_many => :items
map.resources :items, :only => [:index] # thought was that admin may
need look at just the items.
There will be a route generated:
list_items GET /lists/:list_id/items
If I enter a url " localhost:3000/lists/2/items" it will call the
index action of the items controller with :list_id in the parameters,
but the generated default will list all items.
This is a good and bad thing. My question is: If I do this type of
routing, am I supposed to add?
@items = Item.all
It's a good thing that I can do this because I can easily get related
resources in an ajax call. Bad in that if I forget to put something
like above in the nested controller (or restrict access some other
way), the user has access to all nested resources.
Just have not seen this mentioned anywhere - but there are a lot of